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Claims: 

1- A gateway for connecting a public network to an internal network, the gateway 
. comprising: 

5 

a control unit for controlling transmission of incoming and/or outgoing ' data 
between a remote device in the public network and at least one internal device in 
the internal network; 

10 a public port connected to the public network; and 

an internal port connected to the internal network; ' 

a storage unit storing a list of public key identifiers and respectively associated 
15 internal network addresses of internal devices; iand in that 

the control unit is adapted for identifying a destination of the- incoming data, 
which are addressed to a public network address of the gateway, by determining 
an internal network address of the internal device based on public key 
20 information included in the incoming data and the list of public key identifiers and 

associated internal network addresses. 

2. The gateway according to claim 1, wherein the public key information in the 
incoming data includes the public key identifier or allows to determine the public 

25 key identifier. 

3. The gateway according to claim 1 or 2 further comprising an 
encryption/decryption unit for decrypting the incoming data and/or encrypting the 
outgoing data. 

30 

4. The gateway according to one of claims 1 to 3 further comprising an 
authentication unit for verifying the authenticity of transmitted data, an internal 
device, the remote device and/or used keys. 
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5. The gateway according to one of claims 1 to 4, wherein the control unit is 
adapted to provide a connection path for a two-way communication between the 
remote device and an internal device. 

5 6. The gateway according to one of claims 1 to 5 further comprising an access 
control unit for determining whether the incoming or the outgoing data may be 
transmitted according to predefined access control rules. 

7. The gateway according to one of claims 1 to 6, wherein said gateway forwards 
10 incoming data to another gateway. 

8. The gateway according to one of claims 1 to 7, wherein said gateway forwards at 
least a part of received incoming data to another gateway and forwards at least a 
part of said incoming data to an internal device of said internal network. 

15 

9. The gateway according to one of claims 1 to 7, wherein said gateway forwards 
different parts of incoming data to different gateways. 

10. The gateway according to one of claims 7 to 9, wherein received data and/or 
20 different parts of the incoming data are respectively encrypted and/or decrypted 

by the encryption/decryption unit. 

11. The gateway according to one of claims 8 to 10, wherein different parts of 
incoming data are separately encrypted and/or decrypted by the 

25 encryption/decryption unit, whereby if the different parts are forwarded to 

different recipients, the different outgoing data parts are encrypted independently 
for the respective recipients. 

12. The gateway according to one of claims 7 to 1 1 , wherein a public key identifier is 
30 removed form incoming data or at least from a part thereof, and/or data relating 

to the verification of the authenticity of at leiast one of the transmitted data, an 
internal device, the remote device and used keys is removed from said incoming 
data or at least from a part thereof. 



35 



13. The gateway according to one of claims 7 to 12, wherein another public key 
identifier is associated with or included to incoming data or at least a part thereof, 
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and/or data relating to the verification of the authenticity of at least one of the 
transmitted data, an internal device, the remote device and used keys is 
associated with or included to said incoming data or at least a part thereof. 

5 14. A system comprising the gateway according to one of claims 1 to 12 and a 
remote device addressing data intended for an internal device of the internal 
network of the gateway to the public network address of the gateway. 

15. The system according to claim 14, wherein the remote device stores a plurality of 
10 gateway addresses for the destination and selects the public network address of 

the gateway from the list of gateway addresses in accordance with predefined 
first gateway determination rules. 

16. The system according to claim 14 or 15 further comprising a public key 
IS information server providing the public network address of the destination's 

gateway as a destination address upon request. 

17. The system according to one of claims 14 to 16, wherein a public key information 
server stores a plurality of gateway addresses for at least one destination and 

20 selects the public network address of the gateway from the list of gateway 

addresses in accordance with second predefined rules. 

18. The system according to claim 17, wherein said second predefined rules for 
selecting the public network addresses of the gateway comprise at least one of: 

25 

selecting said public network addresses based on a public key that is identified 
or provided to said public key information server; 

selecting said public network addresses based on the authenticity of said data; 

30 

selecting said public network addresses based on the verified integrity of said 
data; 

selecting said public network addresses based on the authenticity of the remote 
35 device requesting said selecting of a public network address of the gateway; 
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selecting said public network addresses based on. the authenticity of the 
intended destination/internal device and/or the authenticity of a public key that is 
identified or provided to said public key information server of said intended 
5 destination/internal device. 

19. The system according to claim 18, wherein said authenticity and/or integrity is 
determined and/or has to be verified by said public key information server. 

10 20. A public key server comprising: 

storage means for storing information in regard to a public key; 

a public key request interface for receiving a request for public key information 
15 stored in said public key information storage means and transmitting the 

requested information to a requesting device in response thereto; wherein 

said storage means stores a ' public network address of a gateway as a 
destination address of data to be transmitted to a recipient, for gateways 
20 identifying the recipient by means of a public key identifier included in the 

transmitted data and forwarding the data to the recipient; and 

said public key request interface is adapted to transmit said stored public 
network gateway address to the requesting device. 

25 

21. A method for transmitting incoming and/or outgoing data between a remote 
device in a public network and an internal device in an internal network, the 
method performed in a gateway of the internal device comprising: 

30 transmitting the data between the remote device and the gateway of the internal 

device; 

forwarding the incoming data from the gateway to the internal device; 

35 storing a list of public key identifiers and associated internal network addresses; 

and 
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identifying a destination of the incoming data, which are addressed to a public 
network address of the gateway, by determining an internal network address of 
the internal device based on public key information included in the incoming data 
5 and the stored list of public key identifiers and associated internal network 

addresses. 



